Shocking: Sensitive medical data of Andhra Pradesh residents on the web

HYDERABAD: Shocking!!! Sensitive medical details of patients who bought medicines from government supported generic medicine stores have been uploaded on its portal anna sanjivini by the Andhra Pradesh government.

The details were shared by the Society for Elimination of Rural Poverty Department of Rural Poverty of AP government on its website http://annasanjivini.ap.gov.in/Home-Pages/LoginPage.aspx Home-Pages/LoginPage.aspx.

Anna sanjivini is a chain of generic medical stories run by self-help groups, uploaded the sales of medicines, along with the names and mobile numbers of customers.

It has been reported that the details of patients who bought medicines ranging from viagra to cholesterol-reducing medicines were shared on the anna sanjivini site. The details of cumulative sales — regional and store wise — were put up on the website.

Srinivas Kodali, the data security researcher has alerted the authorities about it and the website link connecting to AP CM’s dashboard was brought down on Monday.

Speaking with TOI Srinivas Kodali said, “Anyone can browse Anna sajnivini’s website and access the details including names and phone numbers of patients who bought medicines from the generic stories. Insurance companies and hospitals can prey on this data. Anyone can figure out the disease a person has with the medicines they are buying. It is a breach of privacy. This is not the first time AP government has leaked personal info online.”

The generic drugs stores were set up for selling medicines at lesser price than the market rates offered by retail companies.

IT advisor to AP government, J Satyanarayana, told TOI: “Four years ago, we had a similar problem. Then we directed health department officials to put in public domain only overall sales and balance stock in government hospitals. This time, it could be an oversight or programming error. We will ask the departments to be cautious about data leak.”

The New Indian Express has reported that Chief Minister N Chandrababu Naidu has directed the IT department to audit all the portals once again in the wake of the reports on sensitive public data being freely available on State government websites.

Speaking to TNIE, principal secretary of IT, K Vijayanand, said, "We have asked the Andhra Pradesh State Cyber Security Operations Centre (APCSOC) to conduct an audit of all the departments' websites to identify if any sensitive public data is available on them. Here on, we will audit all the portals for both cybersecurity vulnerabilities and privacy issues. The audits will be done on a monthly basis."

Stating that the department was aware of the issues, IT secretary Vijayanand explained, "We are going to give SOC access to all the servers. Therefore, the SOC officials need not visit offices of the various departments anymore, and can monitor and take corrective steps from the SOC itself."